From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp10.migadu.com ([2001:41d0:2:bcc0::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms5.migadu.com with LMTPS id SAhsJS8ddmIjkAAAbAwnHQ (envelope-from ) for ; Sat, 07 May 2022 09:18:07 +0200 Received: from aspmx1.migadu.com ([2001:41d0:2:bcc0::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp10.migadu.com with LMTPS id AIV0JC8ddmL5RgEAG6o9tA (envelope-from ) for ; Sat, 07 May 2022 09:18:07 +0200 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id 37BF4F237 for ; Sat, 7 May 2022 09:18:07 +0200 (CEST) Received: from localhost ([::1]:40616 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1nnEha-0007km-Ck for larch@yhetil.org; Sat, 07 May 2022 03:18:06 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:55002) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1nnEhG-0007i8-EN for guix-devel@gnu.org; Sat, 07 May 2022 03:17:46 -0400 Received: from michel.telenet-ops.be ([2a02:1800:110:4::f00:18]:59610) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1nnEhE-0008Ef-9q for guix-devel@gnu.org; Sat, 07 May 2022 03:17:46 -0400 Received: from ptr-bvsjgyhxw7psv60dyze.18120a2.ip6.access.telenet.be ([IPv6:2a02:1811:8c09:9d00:3c5f:2eff:feb0:ba5a]) by michel.telenet-ops.be with bizsmtp id TjHg2700T4UW6Th06jHgeW; Sat, 07 May 2022 09:17:41 +0200 Message-ID: <63f9c8070ba363fc83ce39ac067dd992d67c6d3c.camel@telenet.be> Subject: Re: Multiple profiles with Guix Home From: Maxime Devos To: Liliana Marie Prikler , guix-devel@gnu.org Date: Sat, 07 May 2022 09:17:36 +0200 In-Reply-To: <08bbdf58ca44241d1e14236201d6c5cb6a336e91.camel@gmail.com> References: <550e75e83ee9c154766294779c8fd0b5f3715355.camel@telenet.be> <06de1b665cea1f4ca6e2b032168a38f7dbf8a82a.camel@telenet.be> <4fd13e93eddb301528b2ef10735090a098043f37.camel@gmail.com> <02a9ca4aed99618b2595176edd6b500229c13072.camel@gmail.com> <15dfb5937854ca9829d919ba2f92fecaa4eedaee.camel@telenet.be> <08bbdf58ca44241d1e14236201d6c5cb6a336e91.camel@gmail.com> Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="=-vj7bO5b4eRcxpd9QcH70" User-Agent: Evolution 3.38.3-1 MIME-Version: 1.0 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=telenet.be; s=r22; t=1651907861; bh=ynKJonn5DyHSc/GF4z5FyUNVxekG6Z7x07KZq1W5+8o=; h=Subject:From:To:Date:In-Reply-To:References; b=iSLKP+rgf/Da75oFUjMs3QIlUkyr+kpQqa+MNNC8zMdSrBguKfbcWHprxZjqJao9E SmzhyC3ifPnv9/d51ij33IMf8Z3ZqPfWbEm/BI+VzNL6CmQQD/8wiOMgSDrSrlhd9+ XjbqVJz5mgMYsnCrMJ5AfxoxQA4Dbin/MOw/2i/Sb+huOvwiWnNA1OB2wAXprUoD3C 6phkhEeIhmeJx7vxVo4XC2QTnGY/8JHwdeXLChAXFyXdx1HrQdWVEDLXhg6hJRdk9j KyiuQsb7hrhLADM2iwUs36aBiBs3/MDHeGHVslBTbpNZsO0IPRshaXIagzirPNpkIX ik5F+Q1PnpJbg== Received-SPF: pass client-ip=2a02:1800:110:4::f00:18; envelope-from=maximedevos@telenet.be; helo=michel.telenet-ops.be X-Spam_score_int: -27 X-Spam_score: -2.8 X-Spam_bar: -- X-Spam_report: (-2.8 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: guix-devel@gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+larch=yhetil.org@gnu.org Sender: "Guix-devel" X-Migadu-Flow: FLOW_IN X-Migadu-To: larch@yhetil.org X-Migadu-Country: US ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1651907887; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:mime-version:mime-version: content-type:content-type:in-reply-to:in-reply-to: references:references:list-id:list-help:list-unsubscribe: list-subscribe:list-post:dkim-signature; bh=ynKJonn5DyHSc/GF4z5FyUNVxekG6Z7x07KZq1W5+8o=; b=E6LkfmMXELSetFV6d1HjHx2VbmsInL9L9UOgcHkBKAzHnfUX2KYKWtyuBQojDB8tuve1ON w32pl3j95z+Hp8rna/OC6amfXlsLPgXZIxJSdenuI1XAZD9s/oDUd1zO2EI9RVxKWAeicB JY4xTLJC5ykkmTmBg1g8jD4RD1I1s1+au/XCPqsUNAzwrsn1IH8uVn40CfBvc3Mo3IUMaF Xot2h96Zax/E4e8WItwhC77IvRUzFdkURYHu11gBunZo+9RJGtoes8uk+3AJLQjIv8gadi YdXBHfYYvmnTNgH3bd0AvfaQnykd2nsSBp+HHfMpe48Dhfd/IurznGWgHOC9Jg== ARC-Seal: i=1; s=key1; d=yhetil.org; t=1651907887; a=rsa-sha256; cv=none; b=f5ZNXCoZCYOdBAQ2s88aYQn9JtTwTGCylXsUOIdt7m2CeOofViF0BoQSk1t3xGZSmo7x8p 7L9nmdoKdILMNoSTwnKyoFQ4qxD5cF9QPGp9HPDCAG0tuKpvYT32iqK2vsXxypLZscjpbM tQ2tY/BEq9QwVJMRBWCJU3AB6Rj2yvDicF0vdgp/cNibxcF5Scf70chl66/+fsNSHoRPkA EOgdA3VNYvfP5WTn2mBqmt4M9Pkudbr32rB2jphii+yClpyzOPgwJapJ8ALaa8lGrXsK5g 5ANlBdC4qC71R0VAlGGKtJJdbu5f7ysXRpS0al1nSZsjwHNAraAKPbU5XYc00g== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=pass header.d=telenet.be header.s=r22 header.b=iSLKP+rg; dmarc=pass (policy=none) header.from=telenet.be; spf=pass (aspmx1.migadu.com: domain of "guix-devel-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-devel-bounces+larch=yhetil.org@gnu.org" X-Migadu-Spam-Score: -6.50 Authentication-Results: aspmx1.migadu.com; dkim=pass header.d=telenet.be header.s=r22 header.b=iSLKP+rg; dmarc=pass (policy=none) header.from=telenet.be; spf=pass (aspmx1.migadu.com: domain of "guix-devel-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-devel-bounces+larch=yhetil.org@gnu.org" X-Migadu-Queue-Id: 37BF4F237 X-Spam-Score: -6.50 X-Migadu-Scanner: scn0.migadu.com X-TUID: DA3HnWPJlW2H --=-vj7bO5b4eRcxpd9QcH70 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable > > It is a clear thematic division to me. Though it's a bit large, > > maybe 'applications' could be divided futher in more specific > themes > > (=E2=80=98office=E2=80=99 apps, games, terminal utilities, ...). > Yeah, that division makes more sense, but note that none of the > categories you cited call specifically for SSL_CERT_DIR/FILE. It > really is curl, which you might categorize as "terminal utility", but > more accurately fits into "web" along with nss-certs, for example. I don't have 'curl' or 'wget' installed. 'minetest' falls under games and can be used offline, yet it requires SSL_CERT_DIR/FILE for contacting its =E2=80=98mod=E2=80=99 server ContentDB= . In the past, I've had a 'calibre' package installed, which in some usage modes contacts the network and needs TLS certificates (I don't know if it respect SSL_CERT_DIR/SSL_CERT_FILE) -- I guess I would classify it as =E2=80=98office=E2=80=98, not =E2=80=98web=E2=80=99 'emacs' can be used to browse the =E2=80=98web=E2=80=99 (and hence might re= spect SSL_CERT_DIR/SSL_CERT_FILE, not sure), yet it would be classified as maybe =E2=80=98office=E2=80=99 but not =E2=80=98web=E2=80=99. I guess =E2=80=98git=E2=80=99 could be classified as =E2=80=98web=E2=80=99,= but it seems more something for =E2=80=98terminal utilities=E2=80=99 or such to me, and it uses certifi= cates for repositories over https://. =E2=80=98gpg=E2=80=99 looks like something for =E2=80=98terminal utilities= =E2=80=99 to me, yet it can contact keyservers (though I'm not sure it can do so over HTTPS), which might need certificates (I don't know if it respects SSL_CERT_DIR/SSL_CERT_FILE). 'vlc' can stream videos from over the Internet (over HTTP or HTTPS), so it might need certificates (I don't know if it respects SSL_CERT_DIR/SSL_CERT_FILE), but it doesn't seem like =E2=80=98web=E2=80=99= to me. AFAICT, the only for reason SSL_CERT_DIR/SSL_CERT_FILE would be set on my system, is the =E2=80=98youtube-dl=E2=80=99 package (that is, once the s= earch path is added to the package), and the =E2=80=98openssl=E2=80=99 package, which = AFAICT was only installed to work around =E2=80=98SSL_CERT_DIR/SSL_CERT_FILE is not se= t because many packages forget SSL_CERT_DIR/SSL_CERT_FILE in the native- search-paths'. Liliana Marie Prikler schreef op vr 06-05-2022 om 23:32 [+0200]: > > > But what's more both nss-certs, glibc-locales and other packages > > > that on their own provide everything you need in a search path > > > can > > > already be handled easily with existing mechanisms of Guix Home. > >=20 > > I haven't found any such mechanism -- I haven't found any hits for > > 'GUIX_LOCPATH' or SSL_CERT_DIR/FILE'.=C2=A0 At most I've found > > 'environment-variables->setup-environment-script', but as user I > > just > > want to add packages to a profile and have it work without having > > to > > manually fiddle with environemnt variables. > I'm pretty sure Guix Home allows you to write your bashrc with gexps, > no?=C2=A0 So you could put (string-append "export SSL_CERT_DIR=3D" #$nss- > certs "/etc/ssl/certs") in there IIRC. That's the kind of manual fiddling I was referring to (I don't want to have to known any Bash more complicated that just starting some binary), which I'd like Guix Home to automatically do for me instead.=20 Why can't Guix (Home) do this for me? Also, ~/.bashrc is Bash specific, did you mean ~/.profile or .../etc/profile instead? > > [search paths things] > Perhaps, but this requires more than simply a declarative way of > managing profiles, which is the main point here. It would require > search-paths as first class citizens of profiles in addition to that, > which I already mentioned a few times in between. As such, I consider addressing the search paths limitation a requirement for the new =E2=80=98separated profiles with Guix Home=E2=80=99= , though as I understand it, you do not consider it to be a blocker? Greetings, Maxime. --=-vj7bO5b4eRcxpd9QcH70 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: This is a digitally signed message part Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNATURE----- iI0EABYKADUWIQTB8z7iDFKP233XAR9J4+4iGRcl7gUCYnYdEBccbWF4aW1lZGV2 b3NAdGVsZW5ldC5iZQAKCRBJ4+4iGRcl7iR9AP97j7SuGM3lSxRtsPyWtYyG+qwE Pn6AsF7A110N++/YtgEAtHMYw775sga87EcNcVF2/x75g+2kHhVGMMqxoNTp7w8= =oJ0/ -----END PGP SIGNATURE----- --=-vj7bO5b4eRcxpd9QcH70--